Russian Hacker’s $1.7M Restitution Order Overturned

A Russian cyber-criminal who hacked into three tech companies and stole more than 100 million user credentials will not have to pay restitution to his corporate victims.

Yevgeniy Aleksandrovich Nikulin was found guilty in July 2020 of causing data breaches at LinkedIn, Dropbox, and the now defunct social media platform Automatic in 2012. 

Speaking during the closing arguments of Nikulin's trial, Assistant United States Attorney Katherine Wawrzyniak told the jury: “The data from one intrusion facilitated the next.”

Nikulin gained access to LinkedIn's data by hacking into the personal computer of LinkedIn engineer Nick Berry, then installing malware that gave him access to Berry's virtual private network (VPN) and the login credentials used by Berry to work remotely.

Nikulin used Berry's credentials to access LinkedIn's internal database and steal user credentials, which he then sold to associates. Some of the stolen data was used by Nikulin to infiltrate the work account of Dropbox employee Tom Wiegand and gain access to a shared employee Dropbox account.

Next, Nikulin used credentials stolen from Dropbox to compromise the work account of Formspring employee John Sanders and exfiltrate millions of hashed user passwords. 

Nikulin was sentenced to serve 88 months in federal prison by US District Judge William Alsup. Nikulin was further ordered to pay LinkedIn half the $2m restitution that the company had requested.

Alsup also ordered Nikulin to pay restitution of $514,000 to Dropbox, $20,000 to Formspring, and $200,000 to WordPress parent company A ..

Support the originator by clicking the read the rest link below.